Quote from SearchOracle.com
says "Oracle Corp. on Friday confirmed that a variety of its server products could be tampered with through vulnerabilities via the OpenSSL protocol." My understanding is this: The vulnerability exists if using OpenSSL protocol. If users access all databases behind firewall via intranet, then tampering can only come from internal employees. Correct? To a point, this is correct. The OpenSSL vulnerability can only be exploited if someone has access to your database server. For these types of security reasons, many organizations place their database server behind a firewall, and rightfully so. However, application servers, which typically sit in a "De-militarized zone (DMZ)" area of the firewall, not only allow open access to the application server but also need a firewall hole poked to let the application server connect to the database. Depending on your level of security and your network configuration, it is possible for someone in the outside world to be able to exploit this security hole. For that reason, I make the appropriate security fixes for the database even if the database is inside the company's firewall.
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
Dig Deeper on Oracle database design and architecture
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.